-
Notifications
You must be signed in to change notification settings - Fork 288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Package dependency Azure.Identity with high vulnerability #2195
Comments
@pampua84 What have you tried? In addition, this will be fixed in 5.2 preview 4 |
Hi @ErikEJ,
I see that Microsoft.Data.SqlClient 5.1.1 supports any version later than >= 1.7.0, of Azure.Identity, so updating it shouldn't cause any problems. Right? |
Correct |
Closing as a duplicate of #2181. |
Describe the bug
Hi,
as per the description in the object, when the package is installed, it brings as a dependency version 1.7.0 of Azure.Identity which has a strong vulnerability up to version 1.10.2 , as also reported in the link:
https://github.com/advisories/GHSA-5mfx-4wcx-rv27
and also on nuget.org:
https://www.nuget.org/packages/Azure.Identity/1.7.0
If you update the Azure.Identity library to the latest version, are there any breaking changes?
The text was updated successfully, but these errors were encountered: